I’ve really enjoyed running WordPress. However, there are a few features that plugin authors overlook or don’t consider. One such problem that I ran into was with the Social Login plugin that I use.
This is a great plugin (Social Login), but it was not loading profile images over HTTPS. While this may not seem like a big deal, it did make it so that a browser would report an issue with my site. This was a bit of a show stopper for me after the effort I put into getting certs/https/etc set up.
Fortunately, thanks to the flexibility of WordPress, and PHP in general, it wasn’t too terribly hard to fix.
The file responsible for building the URL to display profile images is located at oa-social-login/includes/user_interface.php.
In the method named “oa_social_login_custom_avatar,” I made this modification that modifies $user_picture if the server is currently using HTTPS:
//Avatar found? if ($user_picture !== false AND strlen (trim ($user_picture)) > 0) { if($_SERVER['HTTPS'] === 'on') { $user_picture = preg_replace("/^http:/i", "https:", $user_picture ); } return '<img alt="' . oa_social_login_esc_attr ($alt) . '" src="' . $user_picture . '" class="avatar avatar-social-login avatar-' . $size . ' photo" height="' . $size . '" width="' . $size . '" />'; }
By executing this regular expression after checking if the server is running HTTPS, the $user_picture URL would now point to an HTTPS endpoint. I’ve tested this with Facebook and Google logins and the avatar image now displays via an HTTPS url.
Another problem averted.. 🙂